[Code-Crunchers] detecting blue pill and BH challenge
Peter Ferrie
pferrie at symantec.com
Sun Jul 1 17:24:52 CDT 2007
But you don't get to control when the transition occurs, and you can't hide your memory because SMM does not use paging.
________________________________
From: Gil Dabah [mailto:arkon at ragestorm.net]
Sent: Sat 6/30/2007 3:46 PM
To: Fionnbharr
Cc: code-crunchers at whitestar.linuxbox.org
Subject: Re: [Code-Crunchers] detecting blue pill and BH challenge
I still stick to my old idea that you can run in SMM mode and do
whatever you want...
Fionnbharr wrote:
> I would say timing attacks but it's hard to do a baseline to compare
> to in their competition.
>
> But there are also situations like the TLB + CPUID Ferrie talks about
> in his paper where you don't need a clean base. So my guess would be
> something like that.
>
> On 30/06/07, Gadi Evron <ge at linuxbox.org> wrote:
>
>> On 2007-06-29 15:28-0700, Peter Ferrie wrote:
>>
>>>> Hmm, so what do you think the detection technique is?
>>>>
>>>> Let's at least have one bet going here, winner gets free beer
>>>> once, from each of us who talk about the detection options, and
>>>> from me, too.
>>>>
>>> Oh, I can't collect. Bummer. ;-)
>>>
>> But you can buy them beer. :)
>>
>> _______________________________________________
>> Code-Crunchers mailing list
>> Code-Crunchers at whitestar.linuxbox.org
>> http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers